Privacy Policy
Effective 7 June 2026 · Version 1.0
The short version: You own your documents. We store them securely in Europe. We use Google Cloud Vision to read the text in your uploads, and an AI model to categorise them — both happen before encryption. We never sell your data. You can export or delete everything at any time.
1. Who we are
ClearChive (“ClearChive”, “we”, “us”, “our”) is the data controller responsible for your personal data. We operate the mobile app, the web portal at app.clearchive.com, and the API at api.clearchive.com.
Privacy questions: privacy@clearchive.com
2. What we collect and why
Account and identity
- Name and email address — required to create and identify your account, and to send you service emails (verification link, password reset, billing receipts).
- Profile picture — optional; sourced automatically from Google or Apple if you use social sign-in.
- Backlog size and goal date — numbers you enter to track your scanning progress. Used only to power the in-app progress dashboard.
Authentication and sessions
- Passwords — stored as a one-way hash. We never see or store your plaintext password.
- OAuth tokens — if you sign in with Google or Apple, we store the tokens they return so we can maintain your login link.
- Session tokens, IP address, and device User-Agent — recorded when you sign in, used for security and fraud detection. Deleted when you sign out or your session expires.
Your documents
- Document files — the images and PDFs you upload. Stored encrypted (AES-256-GCM) on Hetzner Object Storage in the EU. Only you can decrypt them.
- OCR text — the text extracted from your document by Google Cloud Vision. Stored in our database to power search.
- AI-generated metadata — document type, suggested filename, date, summary, and key entities, generated by our AI classification model. Stored in our database alongside the OCR text.
Billing and subscription
- Subscription tier and billing dates — what plan you are on and when it renews.
- Stripe customer and subscription IDs — references to your Stripe records. We never store your card number, CVC, or bank details — those are handled entirely by Stripe.
3. Legal bases for processing (GDPR)
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) |
| Document storage and retrieval | Contract performance (Art. 6(1)(b)) |
| OCR text extraction and AI classification | Explicit consent (Art. 6(1)(a) + Art. 9(2)(a)) |
| Payment processing and billing | Contract performance (Art. 6(1)(b)) |
| Transactional email (verification, resets) | Contract performance (Art. 6(1)(b)) |
| Session logging (IP, device) for security | Legitimate interests (Art. 6(1)(f)) |
| Legal, tax, and compliance obligations | Legal obligation (Art. 6(1)(c)) |
Special-category data (GDPR Art. 9): ClearChive is designed to archive documents that may contain medical information, identity data, and financial records — all classified as special-category data under GDPR. The legal basis is your explicit consent. You provide that consent by choosing to upload such documents to the service. You may withdraw consent at any time by deleting the relevant documents.
4. How we use your information
- To provide the service — upload, process, store, search, and retrieve your documents.
- To run OCR and AI classification — extract text and categorise each document automatically so you can find it later.
- To enable full-text search — index OCR-extracted text in our database using PostgreSQL full-text search. Your search queries never leave our servers.
- To send transactional emails — email verification links, password resets, and billing notifications.
- To process payments — integrate with Stripe to handle subscriptions and one-time purchases.
- To ensure security — log session information (IP address, device) to detect fraud and unauthorised access.
- To improve the service — review aggregated, anonymised usage patterns (not individual document content). We do not use your document content to train AI models.
5. Third-party processors
We do not sell your data. We work with the following processors, each bound by a Data Processing Agreement:
| Processor | Purpose | Data sent | Location |
|---|---|---|---|
| Google Cloud Vision API | OCR — reads text from your documents | Full document content (image/PDF), unencrypted | Google Cloud (EU/US) |
| Google Gemini API | AI classification of document type and metadata | OCR-extracted text | Google Cloud (US) |
| Stripe | Payment processing | Name, email, billing details | US (SCCs in place) |
| Resend | Transactional email delivery | Your email address and email content | US (SCCs in place) |
| Hetzner Object Storage | Encrypted file storage | AES-256-GCM ciphertext only — never plaintext | Germany & Finland (EU) |
| Apple | Sign In with Apple authentication | Identity token (verified locally) | Apple infrastructure |
| Google | Sign In with Google authentication | OAuth tokens | Google infrastructure |
We may update the active AI provider (e.g. switch between Google Gemini, Anthropic Claude, and OpenAI GPT). When we do, we update this table and ensure the replacement provider is bound by a GDPR-compliant DPA.
6. Data storage and security
- Document files — encrypted with AES-256-GCM before being written to Hetzner Object Storage (Germany/Finland). Each user has a unique Data Encryption Key (DEK). The DEK itself is wrapped with a master key held only in our server environment — never in the database.
- OCR text and AI metadata — stored in our PostgreSQL database on a Hetzner VPS (Germany/Finland). The database is access-controlled but this data is not encrypted at the field level. It is required to be readable in order for search to work.
- All infrastructure is in the EU — primary servers, database, and object storage run in Germany or Finland.
- Security incident response — in the event of a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Articles 33 and 34.
No service can guarantee perfect security. We strongly recommend keeping independent copies of documents that are important to you.
7. Data retention
- Active documents — kept until you delete them or close your account.
- Account data — kept while your account is active.
- On account deletion — all documents (files and database records including OCR text) are permanently deleted within 30 days. Session data is deleted immediately.
- Backups — backup copies are purged within 60 days of the deletion event.
- Billing records — subscription and payment records are retained for 7 years for accounting and legal compliance purposes. Stripe retains its own payment records under its policy.
- Legal hold — we may retain data longer than the above if required by applicable law or an active legal proceeding.
8. Your rights
You have the following rights over your personal data:
- Access — request a copy of the personal data we hold about you.
- Portability — export all your documents at any time using the in-app Export function, which produces a ZIP of all your documents as PDFs. You can also request a structured export of your account metadata.
- Correction — update your account details in Settings. Correct AI-generated document names and types directly in the app.
- Deletion (Right to Erasure) — delete individual documents in the app. To delete your entire account and all associated data, email us at privacy@clearchive.com.
- Restriction — ask us to restrict processing while a complaint is under review.
- Object — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent (OCR and AI classification), you may withdraw by deleting the relevant documents.
EU and UK residents may also lodge a complaint with their national supervisory authority — for example, the CNIL (France), BfDI (Germany), or the ICO (UK).
To exercise any of these rights: privacy@clearchive.com. We respond within 30 days.
9. International data transfers
ClearChive stores data primarily in the EU (Hetzner, Germany and Finland). Some processors — Stripe, Resend, Google (Vision, Gemini, OAuth), and Apple — are located in the United States. Transfers to these processors are made under Standard Contractual Clauses (SCCs) adopted under GDPR Article 46. We maintain Data Processing Agreements with each processor.
10. Cookies and tracking
- Authentication cookies — we set a session cookie to keep you signed in to the web app. This is essential to the service.
- No advertising cookies — we do not use tracking pixels, advertising cookies, or third-party analytics that profile you.
- No cross-site tracking — we do not share your data with advertising networks.
You may delete cookies via your browser settings at any time; this will sign you out of the web app. If we add analytics in future, we will update this policy and seek consent where required.
11. Children's privacy
ClearChive is not directed to anyone under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, we will delete their account and all associated data promptly.
12. Changes to this policy
We will give you 30 days’ advance notice of material changes by email to your registered address. Minor changes (e.g. correcting a typo, clarifying a processor name) will be made without notice but the effective date will be updated. Continuing to use ClearChive after a change takes effect constitutes acceptance of the revised policy.
13. Contact us
For privacy matters: privacy@clearchive.com
For general enquiries: hello@clearchive.com
Response time: we aim to reply within 2 business days and to resolve rights requests within 30 days.